U.S. public company directors are increasingly using generative AI tools for board-related work without formal oversight, raising concerns that sensitive corporate information is being exposed through unapproved platforms. The latest Director Confidence Index from Diligent Institute and Corporate Board Member found that 82% of directors use generative AI for board work, while 69% said their organizations have no formal AI policy and only 6% reported a policy specifically covering board AI use.
Directors are reportedly using consumer services such as ChatGPT and Claude to summarize board books and meeting materials that may contain proprietary and confidential information, creating privacy, security, and legal discovery risks because prompts and generated content could be subpoenaed in litigation. The reports say the problem is compounded by directors often working on personal or non-corporate devices, and they urge CIOs to coordinate with legal teams and boards to assess current usage, deploy secure governance-specific AI tools separated from public models, and establish board-specific policies and training.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
1 event from the most recent confirmed update back to the earliest known activity.
The latest Director Confidence Index from Diligent Institute and Corporate Board Member found that 82% of U.S. public company directors use generative AI for board work, while 69% report having no formal AI policy and only 6% have a policy specific to board AI use. The reporting highlights that directors are using consumer tools such as ChatGPT and Claude with potentially sensitive board materials, creating privacy, security, and legal discovery risks.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
govinfosecurity.com
Open sourcebankinfosecurity.com
Open sourcediligent.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.